| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 51 | CVE-2010-3427 | 79 | | XSS | 2010-09-16 | 2010-09-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc, (2) price, (3) title, and (4) place parameters to index.php and the (5) subject parameter to contact.htm, related to content/contact.php.
| 52 | CVE-2010-3426 | 22 | 2 | Dir. Trav. | 2010-09-16 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
| 53 | CVE-2010-3425 | 79 | | XSS | 2010-09-16 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
| 54 | CVE-2010-3424 | 79 | | XSS | 2010-09-16 | 2020-06-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| 55 | CVE-2010-3423 | 89 | | Exec Code Sql | 2010-09-16 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.
| 56 | CVE-2010-3422 | 89 | 1 | Exec Code Sql | 2010-09-16 | 2010-09-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
| 57 | CVE-2010-3421 | 79 | | XSS | 2010-09-16 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information.
| 58 | CVE-2010-3420 | 79 | | XSS | 2010-09-16 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter.
| 59 | CVE-2010-3419 | 94 | 2 | Exec Code File Inclusion | 2010-09-16 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.
| 60 | CVE-2010-3418 | 79 | | XSS | 2010-09-16 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) car_id parameter to index.php and (2) y parameter to include/images.php.
| 61 | CVE-2010-3417 | 200 | | +Info | 2010-09-16 | 2020-07-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
| 62 | CVE-2010-3416 | 119 | | DoS Overflow Mem. Corr. | 2010-09-16 | 2020-08-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
| 63 | CVE-2010-3415 | 119 | | DoS Overflow Mem. Corr. | 2010-09-16 | 2020-07-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
| 64 | CVE-2010-3414 | 119 | | DoS Overflow Mem. Corr. | 2010-09-16 | 2021-09-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.
| 65 | CVE-2010-3413 | | | DoS | 2010-09-16 | 2020-07-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
| 66 | CVE-2010-3412 | 362 | | | 2010-09-16 | 2020-07-31 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
| 67 | CVE-2010-3411 | 617 | | DoS | 2010-09-16 | 2020-07-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
| 68 | CVE-2010-3410 | 399 | | DoS | 2010-09-16 | 2010-09-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
| 69 | CVE-2010-3409 | 399 | | DoS | 2010-09-16 | 2010-09-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles.
| 70 | CVE-2010-3408 | 399 | | DoS | 2010-09-16 | 2010-09-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Use-after-free vulnerability in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs during parsing.
| 71 | CVE-2010-3407 | 119 | 1 | Exec Code Overflow | 2010-09-16 | 2018-10-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
| 72 | CVE-2010-3406 | | | | 2010-09-16 | 2017-09-19 | 1.7 | None | Local | Low | ??? | None | Partial | None |
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
| 73 | CVE-2010-3405 | 119 | | Overflow +Priv | 2010-09-16 | 2018-11-28 | 6.8 | None | Local | Low | ??? | Complete | Complete | Complete |
Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
| 74 | CVE-2010-3404 | 89 | 1 | Exec Code Sql | 2010-09-16 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.
| 75 | CVE-2010-3403 | | | Exec Code | 2010-09-16 | 2010-09-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file.
| 76 | CVE-2010-3402 | | | Exec Code | 2010-09-16 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file.
| 77 | CVE-2010-3400 | 310 | | | 2010-09-15 | 2017-09-19 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.
| 78 | CVE-2010-3399 | 310 | | | 2010-09-15 | 2017-09-19 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.
| 79 | CVE-2010-3398 | | | | 2010-09-15 | 2010-09-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.
| 80 | CVE-2010-3397 | | | Exec Code | 2010-09-15 | 2018-10-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file.
| 81 | CVE-2010-3396 | 119 | 1 | Exec Code Overflow | 2010-09-15 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
| 82 | CVE-2010-3380 | | | +Priv | 2010-09-29 | 2010-09-30 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
| 83 | CVE-2010-3332 | 209 | | | 2010-09-22 | 2020-11-23 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| 84 | CVE-2010-3324 | 79 | | XSS Bypass | 2010-09-17 | 2021-07-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| 85 | CVE-2010-3323 | | | | 2010-09-14 | 2010-09-14 | 4.6 | None | Remote | High | ??? | Partial | Partial | Partial |
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
| 86 | CVE-2010-3322 | 264 | | +Priv +Info | 2010-09-14 | 2010-09-14 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
| 87 | CVE-2010-3320 | 20 | | | 2010-09-13 | 2010-09-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
| 88 | CVE-2010-3319 | 255 | | +Info | 2010-09-13 | 2010-09-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.
| 89 | CVE-2010-3318 | 255 | | +Info | 2010-09-13 | 2010-09-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
| 90 | CVE-2010-3317 | 79 | | XSS | 2010-09-13 | 2010-09-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| 91 | CVE-2010-3314 | 79 | 1 | XSS | 2010-09-22 | 2010-09-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
| 92 | CVE-2010-3313 | 94 | 1 | Exec Code | 2010-09-22 | 2013-08-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
| 93 | CVE-2010-3310 | 189 | | DoS Mem. Corr. | 2010-09-29 | 2018-11-27 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.
| 94 | CVE-2010-3306 | 22 | 1 | Dir. Trav. | 2010-09-24 | 2010-09-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
| 95 | CVE-2010-3304 | 264 | | | 2010-09-24 | 2011-02-12 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
| 96 | CVE-2010-3301 | 269 | | +Priv | 2010-09-22 | 2020-08-14 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
| 97 | CVE-2010-3298 | 200 | | +Info | 2010-09-30 | 2020-08-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
| 98 | CVE-2010-3297 | 909 | | +Info | 2010-09-30 | 2020-08-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.
| 99 | CVE-2010-3296 | 200 | | +Info | 2010-09-30 | 2020-08-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.
| 100 | CVE-2010-3294 | 79 | | XSS | 2010-09-24 | 2012-07-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.